ReQuest Serious Play Media Player Directory Traversal File Disclosure Vulnerability
Vulnerability
A directory traversal vulnerability allowing unauthenticated file disclosure has been identified in ReQuest Serious Play Media Player versions 3.0.0, 2.1.0.831, 1.5.2.822, 1.5.2.821, and 1.5.1.820. The vulnerability arises because the 'file' parameter in 'tail.html' and 'file.html' is not properly validated before being used to access web log files. This flaw can be exploited to disclose the contents of files on the local system.
Impact
Exploitation of this vulnerability leads to unauthorized disclosure of sensitive files from the local file system, including web log files.
Reproduction
The vulnerability can be reproduced by sending a request to 'tail.html' or 'file.html' with a crafted 'file' parameter that includes a directory traversal sequence. The server will respond with the contents of the specified file, bypassing any authentication or authorization checks.
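The validation that the 'file' parameter lacks can be sketched as follows. This is an added example, not ReQuest's code and not part of the original advisory: the value is canonicalised and accepted only if it resolves to a regular file inside the log directory. The function name, directory layout and sample values are constructed for illustration.

```python
import os
import tempfile


def resolve_log_path(log_root, requested):
    """Return the canonical path, or raise ValueError if outside log_root."""
    if not requested or "\x00" in requested:
        raise ValueError("empty or malformed file parameter")
    root = os.path.realpath(log_root)
    # realpath collapses ".." and follows symlinks, so the containment check
    # below is applied to the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("file parameter escapes the log directory")
    if not os.path.isfile(candidate):
        raise ValueError("not a regular file")
    return candidate


def demo():
    """Classify constructed parameter values against a constructed tree."""
    with tempfile.TemporaryDirectory() as base:
        log_root = os.path.join(base, "weblogs")  # hypothetical log directory
        outside = os.path.join(base, "outside.conf")
        os.mkdir(log_root)
        for path in (os.path.join(log_root, "access.log"), outside):
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
        # A link placed inside the log directory that points out of it.
        os.symlink(outside, os.path.join(log_root, "link.log"))
        samples = [
            ("plain name", "access.log"),
            ("parent traversal", "../outside.conf"),
            ("absolute path", outside),
            ("symlink escape", "link.log"),
            ("empty value", ""),
        ]
        results = []
        for label, value in samples:
            try:
                resolve_log_path(log_root, value)
                results.append((label, "allowed"))
            except ValueError:
                results.append((label, "rejected"))
        return results


if __name__ == "__main__":
    print(demo())
```

The check assumes the web layer has already URL-decoded the parameter exactly once. The handler should open the returned canonical path rather than the raw value, so the path is not resolved a second time.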
